IOSCO urged member jurisdictions to continue using internationally recognized cyber regulation frameworks (the "Core Standards").
According to IOSCO, member jurisdictions should continue to draw from the Core Standards rather than creating new frameworks that may lead to market fragmentation. The Core Standards include:
-
the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which was developed for operators of critical infrastructure;
-
the CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO Guidance), which was designed for financial market infrastructure; and
-
the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), which was created for both public and private sectors.
IOSCO cautioned that there is still more work to be done with regard to cyber regimes, highlighting that a "minority" of survey respondents reported that:
-
they consider cyber risks to be less important as compared to other risks facing financial firms; and
-
their cyber regimes are not "generally consistent" with the Core Standards.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]